An implementation of the hashcat rules engine in javascript
Switch branches/tags
Nothing to show
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Permalink
Type Name Latest commit message Commit time
Failed to load latest commit information.
LICENSE Initial commit Feb 7, 2016
README.md Update README.md Feb 26, 2016
bower.json adding bower file Feb 25, 2016
hashcatJS.js adding hashcat engine Feb 7, 2016
index.html fixing background for success case Feb 15, 2016
passwords.js adding hashcat engine Feb 7, 2016
rule.js adding smaller rule set Feb 15, 2016
rule2.js changing to use fewer rules and more passwords Feb 15, 2016

README.md

hashcatJS logo

hashcatJS

An implementation of the hashcat rules engine in javascript

#Author Dylan Ayrey

##For registration pages HashcatJS can be used for client side verification of password registrations. It has the ability to spot if a user's password falls into the top 10,000 picked passwords, and it also has the ability to see if those passwords fall into rule sets. More information on rule based password cracking can be found here: Statistics Will Crack Your Password Mask Structure

##Example code

To use this library, simply include the rule set you want, the dictionary you want to use, and the hashcatJS engine

		<script src="rule.js"></script>
		<script src="passwords.js"></script>
		<script src="hashcatJS.js"></script>
		<script>
		    checkThisPassword(usersPassword, 9999) //tweak 9999 to alter the number of dictionary entries to try, max size 9999 with default dictionary
		</script>

###Rule Set The rule sets must be of the following form

    var ruleSet = ":\nr\nT0\nu\n]\nd"
    

More information on rules can be found here

The rule set used by default is the Hob0 rule set

###Dictionary The dictionary must be of the following form

    var passwords = ["password", "123456", "12345678", "1234"]

##Installation

You can install hashcatJS with bower

bower install hashcatJS

##For brute forcing login pages With slight modification HashcatJS can also be used to brute force a login page. Given a page with no account lockout, HashcatJS can be used to send requests to the server for common passwords and rule variations of those common passwords. Future releases will make this functionality more accessible. Pull requests welcome.

Using hashcatJS in at interesting way? Feel free to tweet us @praetorianlabs